If SMBs didn’t feel they were living in a Hollywood movie in 2017, then they will over the next twelve months. These six security predictions for 2018 will turn science-fiction into science fact – and we had better be ready for them.
In 2018, SMBs may well find themselves again caught in the crossfire between Russia, China and the USA. More cyberweapons will be developed by both sides – and by new countries as well – and these weapons, such as powerful mobile surveillance spyware, will trickle down to cybercriminals. These hard-to-detect weapons will again be used to steal data, cause disruption and gain intelligence.
The good news is that these kinds of cyberweapons can easily be defeated by the basics of cybersecurity. This is because the creators of these weapons use our own limitations against us. The hackers rely on known weaknesses in software to breach cyber defences of businesses, in the knowledge that many businesses, due to limited resources, expertise or confidence, do not update their software regularly.
The gangsters will continue to exploit the fact that many businesses don’t change the passwords that the devices or network administration software come with from the manufacturer.
Next year the Internet of Things is going to embed itself in every aspect of SMB operations. The more it does so, the more it will become a target for hackers and the greater the damage a successful attack will cause. For this reason, the Internet of Things will earn itself the name the “disruptor of things”.
The initial attraction of the IoT to hackers will be the massive amounts of valuable data transmitted by IoT devices and the chaos that disrupting it will cause. Malware could be used to tell refrigerators to raise their temperatures to spoil food or medicines, or instruct industrial machines to destroy themselves.
Over time, cyber gangsters will be able to develop ransomware aimed specifically at the IoT and larger and more powerful botnets that use the IoT to magnify their reach. Botnets are devices that hackers can use to control hardware without the knowledge of their owners to send spam, steal data and distribute ransomware.
Greg Mosher, Vice President of Product and Engineering, Avast business, said:
“Despite this threat, SMBs do not need to stay away from the IoT, but they do need to change the default passwords that devices come with, avoid the temptation to buy cheap, potentially insecure devices,
“Small businesses need to know which of their devices are connected to the web, what data are they collecting and who they are sending it to.”
Over the next 12 months, SMBs will continue to move data into the cloud, sometimes knowingly and sometimes unknowingly, through the apps they use. This shift of data to the cloud could increase the chance of a breach in their security from one of their suppliers.
Now, the cloud can increase cybersecurity for SMBs because the people who run cloud storage centres should be the kind of specialists that many small businesses themselves can’t afford. But the leaders of small businesses will discover that many cloud providers won’t be interested in sharing how they protect their customer data, nor in giving them any say in how their data is stored.
This lack of transparency and visibility in cloud computing is problematic t for many SMBs. After all, if someone hacks into the cloud provider’s own servers, how long would it take for anyone to inform customers? As a result, the cloud could be the perfect transmission mechanism for malware. After all, everyone trusts the cloud, don’t they?
The fix for these risks is easy. SMBs need to come up with a strategy for storing their data in the cloud and follow it. They need to pick cloud providers who can be trusted because they are open about the way they store their clients’ data.
In 2018, SMBs can expect that their faith in encryption to keep their secrets secret will take a beating as more attempts to introduce backdoors come to light.
In the last months of 2017, the NSA had to back down on the use of two new encryption algorithms that it had hoped would become global industry standards, when suspicions grew that the NSA already knew how to break them.
Then a flaw was found in the software that has been generating millions of encryption keys for national identity tags and access to highly sensitive computers since 2012.
Encryption is a game of cat and mouse, so it is going to be increasingly important for SMBs to be vigilant and keep a close eye on news surrounding the security of various encryption methods.
Science-fiction will take another step closer towards science-fact in 2018 when artificial intelligence increases in usage by SMBs protecting their data and by hackers looking to find a way in. In this arms race, the cyber criminals will use machine learning to find vulnerabilities in commercial products in the exact same way that SMBs use it to find vulnerabilities in their own systems.
AI will also help SMBs protect their data in another way. It will in effect democratise cybersecurity by allowing employees who don’t have specialist training to harness the experience of costly experts. Unfortunately, AI will also potentially allow more people to become cybercriminals.
Finally, the threat of data loss on the scale that we saw in the Equifax leak may undermine the ability of SMBs to use the internet for e-commerce and force them to look to biometrics for a solution. Biometric security is a mechanism that uses an individual's physical characteristics, such as fingerprints, face or even the way they type on a keyboard, to identify them.
This shift to biometric security will occur because so many passwords, birthdates and other personal details have been stolen that it is becoming increasingly hard to know whether someone who has the correct personal information is the real deal or an imposter.
Over the next year, small businesses will need to look at combinations of security technologies that help to verify identity. Apple Pay, for example, combines contactless payment with two-factor identification – the second factor being biometrics such as your fingerprint or face that are hard to copy.
Sounds like science-fiction? The future is already here in China where, facial identification is routinely used to pay for your Didi and for drivers to prove who they are. However, some biometric security systems have already proved to be unreliable, sometimes deliberately so – their creators say – owing to the trade-off between convenience and security.
Blockchain may also emerge as another way of proving you are who you say you are. Blockchain is the secret behind Bitcoin. It is an open digital ledger in which, for example, changes to digital identities can be recorded chronologically and publicly on many different computers. Its decentralised nature makes fraud much harder, its supporters claim.